Before LANCE LEONARD BARRY, THU A. DANG, and CAROLYN D. 
THOMAS, Administrative Patent Judges. 

BARRY, Administrative Patent Judge. 

DECISION ON APPEAL 
STATEMENT OF THE CASE 
The Patent Examiner rejected claims 55-81. The Appellants appeal 
therefrom under 35 U.S.C. § 134(a). We have jurisdiction under 35 U.S.C. 
§ 6(b). 

Invention 

The invention at issue on appeal enables two software applications, 
each residing on computers behind separate firewalls, to communicate 
bi-directionally as if they were connected over the same private network. 
Neither firewall needs to be modified in any way to facilitate this 
communication. (Spec. 7.) 

Illustrative Claim 

74. A method of communicating between a first 
computer protected by a first firewall and a second computer 
protected by a different second firewall via a third intermediate 
computer, comprising the steps of: 

transmitting a request from the second computer to the 
third intermediate computer through the second firewall to 
establish a receive channel between the third intermediate 
computer and the second computer; 

receiving from the third intermediate computer a 
response to the request, the response establishing a receive 
channel between the third intermediate computer and the 
second computer that is to be kept open for subsequent 
transmissions from the third intermediate computer; and 

receiving data via the receive channel, wherein the data 
was transmitted from the first computer to the third 
intermediate computer through the first firewall via a network 
connection initiated by the first computer, then transmitted from 
the third intermediate computer to the second computer via the 
receive channel. 
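
The message flow recited in claim 74, as an added illustration that is not part of the decision or of the application: a loopback simulation in which the relay only accepts connections and both end points connect outbound. The message names OPEN-RECEIVE and CHANNEL-OPEN and the function names are constructed for this sketch.

```python
import socket
import threading

def recv_line(sock):
    """Read one newline-terminated message from a socket."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf.rstrip(b"\n")

def relay(server):
    """Third intermediate computer: accepts connections, initiates none."""
    receiver, _ = server.accept()                # opened by the second computer
    if recv_line(receiver) == b"OPEN-RECEIVE":   # constructed message name
        receiver.sendall(b"CHANNEL-OPEN\n")      # response; socket stays open
        sender, _ = server.accept()              # opened by the first computer
        data = recv_line(sender)
        receiver.sendall(data + b"\n")           # forwarded over the receive channel
        sender.close()
    receiver.close()

def run_exchange(payload=b"data from the first computer"):
    """Run the three steps of the claim on loopback; return (response, data)."""
    server = socket.socket()
    server.settimeout(5)
    server.bind(("127.0.0.1", 0))    # ephemeral port stands in for the relay address
    server.listen(2)
    addr = server.getsockname()
    worker = threading.Thread(target=relay, args=(server,))
    worker.start()
    # Step 1: the second computer makes an outbound request to the relay.
    second = socket.create_connection(addr, timeout=5)
    second.sendall(b"OPEN-RECEIVE\n")
    # Step 2: the response establishes the receive channel, which is kept open.
    response = recv_line(second)
    # The first computer initiates its own outbound connection and sends data.
    first = socket.create_connection(addr, timeout=5)
    first.sendall(payload + b"\n")
    # Step 3: the second computer receives the data on the channel it requested.
    received = recv_line(second)
    first.close()
    second.close()
    worker.join()
    server.close()
    return response, received
```

Each firewall in this arrangement sees only a connection initiated from inside it, which is the property the Specification relies on when it says neither firewall needs to be modified.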

Prior Art 

Alden US 6,101,543 Aug. 8, 2000 
Erickson US 6,412,009 B1 Jun. 25, 2002 



Rejection 

Claims 55-81 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Alden and Erickson. 



CLAIMS 55-69, 72-77, AND 80 

When multiple claims subject to the same ground of rejection 
are argued as a group by appellant, the Board may select a 
single claim from the group of claims that are argued together 
to decide the appeal with respect to the group of claims as to the 
ground of rejection on the basis of the selected claim alone. 
Notwithstanding any other provision of this paragraph, the 
failure of appellant to separately argue claims which appellant 
has grouped together shall constitute a waiver of any argument 
that the Board must consider the patentability of any grouped 
claim separately. 

37 C.F.R. § 41.37(c)(1)(vii). 

Here, the Appellants argue claims 66 and 74, which are subject to the 
same ground of rejection, as a group. (App. Br. 11-12). They do not argue 
the rejection of claims 67-69, 73, and 75-77 separately. We select claim 74 
as the sole claim on which to decide the appeal of claims 66-69 and 73-77. 

The Appellants also argue claims 72 and 80, which are subject to the 
same ground of rejection, as a group. (App. Br. 14.) We select claim 80 as 
the sole claim on which to decide the appeal of both claims. We consider 
claims 55 and 57, however, separately. 

Issue 

The Examiner finds "that Alden teaches the establishment of 
communication of the connection of A->Firewall->B->C->Firewall->D and 
the reverse D->Firewall->C->B->Firewall->A . . . (Alden, Col. 7 lines 1-19 
pair-wise)[.]" (Ans. 10.) The Appellants argue that "nothing in Alden or 
Erickson discloses or suggests the creation of two return paths requested by 
two different computers and then transmitting data from the first computer to 
the second computer over the second return path . . . ." (Appeal Br. 9.) 
They also argue that "in Alden only one computer initiates the tunnel, and 
the second endpoint computer is a passive recipient (i.e., it does not 'initiate' 
the connection with the other computers)." (Id. 15.) 

Therefore, the issue before us is whether the Appellants have shown 
error in the Examiner's finding that Alden teaches establishing and using 
connections as recited in claims 55 and 57 or as recited in claim 74 and 
initiating communication as recited in claim 80. 

Law 

"[T]he PTO gives claims their 'broadest reasonable interpretation.'" 
In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 
211 F.3d 1367, 1372 (Fed. Cir. 2000)). "Moreover, limitations are not to be 
read into the claims from the specification." In re Van Geuns, 988 F.2d 
1181, 1184 (Fed. Cir. 1993) (citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 
1989)). 

The question of obviousness is "based on underlying factual 
determinations including . . . what th[e] prior art teaches explicitly and 
inherently . . . ." In re Zurko, 258 F.3d 1379, 1383 (Fed. Cir. 2001). "In 
rejecting claims under 35 U.S.C. § 103, the examiner bears the initial burden 
of presenting a prima facie case of obviousness." In re Rijckaert, 9 F.3d 
1531, 1532 (Fed. Cir. 1993) (citing In re Oetiker, 977 F.2d 1443, 1445 (Fed. 
Cir. 1992)). "'A prima facie case of obviousness is established when the 
teachings from the prior art itself would appear to have suggested the 
claimed subject matter to a person of ordinary skill in the art.'" In re Bell, 
991 F.2d 781, 783 (Fed. Cir. 1993) (quoting In re Rinehart, 531 F.2d 1048, 
1051 (CCPA 1976)). 

Findings of Fact (FFs) 

1. Alden's "FIG. 4 and FIG. 5 show an example embodiment of steps 
performed during establishment of the tunnel connection between Tunnel 
Server A 46 (node 'A') and Tunnel Server D 62 (node 'D') as shown in 
FIG. 3." (Col. 7, ll. 19-22.) "The tunnel . . . includes the tunnel end points 
and any intervening tunnel relays." (Id. ll. 24-26.) 

2. "During the steps shown in FIG. 4, each of the nodes A, B and C . . . 
establish[es] a reliable transport layer (TCP) connection to the next node in 
the tunnel path . . . ." (Id. ll. 33-38.) "As shown for example in FIG. 4, at 
step 70 node A establishes a reliable transport layer connection with 
node B." (Id. ll. 42-43.) "Node B establishes a reliable transport layer 
connection with the next node in the tunnel path, for example node C." (Id. 
ll. 56-57.) "[N]ode C establishes a reliable transport layer connection with 
the next node along the tunnel path, in this case node D." (Col. 8, ll. 12-14.) 

3. "The tunnel connection between Tunnel Server A 46 and Tunnel 
Server D 62 is composed of reliable, pair-wise transport layer connections 
between Tunnel Server A 46 (node 'A'), Tunnel Relay B 54 (node 'B'), 
Tunnel Relay C 56 (node 'C'), and Tunnel Server D 62 (node 'D')." (Id. col. 
7, ll. 7-11.) 

Analysis 

We agree with the Appellants (Appeal Br. 9-11) that claims 55 and 57 
require creating two return paths requested by two different computers and 
then transmitting data from one of the computers to the other computer via 
one of the return paths. Giving it the broadest, reasonable construction, 
however, claim 74 merely requires creating at least one return path requested 
by a first computer and then transmitting data from a second computer to the 
first computer via the return path. 

Giving claim 78 its broadest, reasonable construction, moreover, the 
claim requires that either of two end point computers can initiate 
communication. 

Alden describes a tunnel having node A and node D as end points. 
(FF 1.) Because nodes A and D are each a server computer (id.), these 
respectively constitute a first computer and a second computer. 

During establishment of the tunnel, node A creates a TCP connection 
with an intermediate node, viz., node B (FF 2). The TCP connection 
comprises a pair of transport layer connections. (FF 3.) We agree with the 
Examiner's aforementioned finding that one of the pair of connections 
constitutes a forward path, and the other constitutes a return path. 

The purpose of establishing the tunnel between nodes A and D is to 
enable the nodes to exchange data therebetween. At some point during use 
of the tunnel, therefore, we find that node D, i.e., the second computer, 
transmits data to node A, i.e., the first computer via the tunnel. In traversing 
the tunnel, the transmitted data cross the return path from node B to node A. 
Therefore, we agree with the Examiner's finding that Alden establishes and 
uses connections as recited in claim 74 and claims 66-69, 73, and 75-77, 
which fall therewith. 

Once the tunnel is established, we find that either node A or node D 
can initiate communications by sending data via the tunnel. Therefore, we 
agree with the Examiner's finding that Alden initiates communication as 
recited in claim 80 and claim 72, which falls therewith. 

Because node C of Alden creates a TCP connection with node D 
(FF 2), however, we disagree with the Examiner that the second computer, 
i.e., node D, creates a return path. Therefore, we also disagree with his 
finding that Alden establishes and uses connections as recited in claims 55 
and 57 or in claims 56 and 58-65, which depend therefrom. Erickson does 
not cure the deficiency of Alden. 

Conclusion 

Based on the aforementioned facts and analysis, we conclude that the 
Appellants have shown error in the Examiner's finding that Alden teaches 
establishing and using connections as recited in claims 55 and 57 but have 
not shown error in his finding that the reference teaches establishing and 
using connections as recited in claim 74 or initiating communication as 
recited in claim 80. 



CLAIMS 70, 71, 78, AND 79 

The Examiner makes the following findings. 

Alden-Erickson teaches ... in the intermediate server 
computer, decrypting encrypted information received from the 
first computer using encryption keys shared between the first 
computer and the intermediate computer, and then 
re-encrypting the received information using encryption keys 
shared between the intermediate computer and the second 
computer. (Alden, Col. 8 lines 45-67. keys)[.]" 

(Ans. 5.) The Appellants argue that "the word 'encryption' appears nowhere 
in Erickson, and Alden only discloses encryption between tunnel endpoints, 
not encryption between the intermediate computer and the second 
computer." (App. Br. 15.) 

Appeal 2008-005233 
Application 09/824,132 

Issue 

Therefore, the issue before us is whether the Appellants have shown 
error in the Examiner's finding that Alden teaches an intermediate server 
computer decrypting data received from the first computer and re-encrypting 
the data using a different key to send to the second computer as recited in 
claim 70 and his finding that the reference uses a key shared by the 
intermediate computer and the second computer to encrypt data sent by the 
first computer as recited in claim 78. 

Finding of Fact 

4. The part of Alden cited by the Examiner discloses in pertinent part 
that "the tunnel end points . . . exchange sufficient key exchange material to 
agree upon a set of session parameters for use during the tunnel connection 
such as cryptographic keys, key durations, and choice of 
encryption/decryption algorithms." (Col. 8, ll. 53-57.) 

Analysis 

Alden discloses that the end points i.e., nodes A and D, of its tunnel 
exchange key material to agree upon a set of session parameters for use 
during the tunnel connection such as cryptographic keys. (FF 4.) Therefore, 
we agree with the Appellants that "Alden's improved system relies solely on 
session keys between two network endpoints . . . there is no decryption and 
re-encryption by an intermediate computer." (Reply Br. 6.) Erickson does 
not cure the deficiency of Alden. 

Conclusion 

Based on the aforementioned facts and analysis, we conclude that the 
Appellants have shown error in the Examiner's finding that Alden teaches an 
intermediate server computer decrypting data received from the first 
computer and re-encrypting the data using a different key to send to the 
second computer as recited in claim 70 and his finding that the reference 
uses a key shared by the intermediate computer and the second computer to 
encrypt data sent by the first computer as recited in claim 78. 

DECISION 

We reverse the rejection of claims 55-65, 70, 71, 78, and 79 but affirm 
the rejection of claims 66-69, 72-77, and 80. 

No time for taking any action connected with this appeal may be 
extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(v). 

AFFIRMED-IN-PART 